Nearly every iPhone and iPad user has an iCloud account where they may store photos, backups and other sensitive data. Establishing or linking to an iCloud account is part of the setup process when turning on a new phone or iPad. Apple even provides 5GB of iCloud storage free to every account.
With all those personal photos, emails and more hanging out in iCloud, security should be at the top of your mind. So if your iCloud password is strong, your account is safe, right? Think again.
A security researcher has discovered a flaw in the iOS Mail app that allowed him to embed malicious code in emails designed to steal your iCloud password. The flaw causes a fake iCloud login box to pop up when you open up the malicious email. If you enter your password into the fake screen, the email sender now has access to your account.
It's very easy to fall for this clever phishing attack, because the fake iCloud login box looks identical to the legitimate box that pops up any time you need to verify your iCloud account for App Store purchases and other actions on your gadget.